Patents by Inventor Oleg Ishanov

Oleg Ishanov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11403389
    Abstract: Disclosed herein are systems and methods for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.
    Type: Grant
    Filed: June 5, 2020
    Date of Patent: August 2, 2022
    Assignee: Acronis International GmbH
    Inventors: Vadim Karasev, Sergey Lebedev, Ravikant Tiwari, Oleg Ishanov, Evgeny A Aseev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11394738
    Abstract: Systems and methods for remediating vulnerabilities on a plurality of computing devices are disclosed herein. In one exemplary aspect, a method comprises classifying monitored data into a plurality of categories using a machine learning algorithm. For each respective data file of the monitored data, the method comprises retrieving one or more policies associated with a classified category of the respective data file and determining whether the respective data file complies with the one or more policies. The method further comprises generating a compliance map based on compliance with policies for each respective data file of the monitored data, wherein the compliance map indicates vulnerabilities in the plurality of computing devices, determining whether the vulnerabilities are actionable, and in response to determining the vulnerabilities are actionable, requesting actions to be performed on the plurality of devices to remediate the vulnerabilities and non-compliance.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: July 19, 2022
    Assignee: Acronis International GmbH
    Inventors: Andrey Kulaga, Vladimir Strogov, Oleg Ishanov, Stanislav Protasov, Serguei Beloussov
  • Patent number: 11327848
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210097182
    Abstract: Disclosed herein are systems and methods for preventing anti-forensics actions. In one exemplary aspect, a method may identify a suspicious object from a plurality of objects on a computing device and monitor actions performed by the suspicious object. The method may intercept a first command by the suspicious object to create and/or modify a digital artifact on the computing device and subsequent to intercepting the first command, intercept a second command by the suspicious object to delete at least one of the suspicious object and the digital artifact. In response to intercepting both the first command to create and/or modify the digital artifact and the second command to delete at least one of the suspicious object and the digital artifact, the method may block the second command, and may store the suspicious object and the digital artifact in a digital repository.
    Type: Application
    Filed: August 28, 2020
    Publication date: April 1, 2021
    Inventors: Vladimir Strogov, Oleg Ishanov, Alexey Dod, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210092135
    Abstract: Disclosed herein are systems and methods for generating and storing forensics-specific metadata. In one aspect, a digital forensics module is configured to generate a backup of user data stored on a computing device in accordance with a backup schedule. The digital forensics module identifies, from a plurality of system metadata of the computing device, forensics-specific metadata of the computing device based on predetermined rules, wherein the forensics-specific metadata is utilized for detecting suspicious digital activity. The digital forensics module generates a backup of the forensics-specific metadata in accordance with the backup schedule and analyzes the forensics-specific metadata for an indication of the suspicious digital activity on the computing device. In response to detecting the suspicious digital activity based on the analysis, the digital forensics module generates a security event indicating that the suspicious digital activity has occurred.
    Type: Application
    Filed: September 25, 2019
    Publication date: March 25, 2021
    Inventors: Vladimir Strogov, Oleg Ishanov, Alexey Dod, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210014243
    Abstract: Disclosed herein are systems and methods for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.
    Type: Application
    Filed: June 22, 2020
    Publication date: January 14, 2021
    Inventors: Andrey Kulaga, Vladimir Strogov, Sergey Ulasen, Oleg Ishanov, Igor Kornachev, Nikolay Grebennikov, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20200387597
    Abstract: Disclosed herein are systems and methods for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.
    Type: Application
    Filed: June 5, 2020
    Publication date: December 10, 2020
    Inventors: Vadim Karasev, Sergey Lebedev, Ravikant Tiwari, Oleg Ishanov, Evgeny A. Aseev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20200379853
    Abstract: Disclosed herein are systems and methods for preventing malware reoccurrence when restoring a computing device using a backup image. In one exemplary aspect, a method may identify, from a plurality of backup images for a computing device, a backup image that was created most recently before the computing device was compromised. The method may mount the backup image as a disk and scan the disk for malicious software. The method may disable all ports and services on the computing device to prevent unauthorized network connections and service launches. The method may restore data to the computing device from the mounted disk. The method may update software on the computing device and apply the latest patches, and reopen the ports and restart the services on the computing device subsequent to updating the software and applying the latest patches.
    Type: Application
    Filed: June 1, 2020
    Publication date: December 3, 2020
    Inventors: Serguei Beloussov, Oleg Ishanov, Vladimir Strogov, Andrey Kulaga, Igor Kornachev, Alexey Sergeev, Anton Enakiev, Stanislav Protasov
  • Publication number: 20200311270
    Abstract: Disclosed herein are systems and methods for scanning objects of a computing device, by an anti-malware application, using a whitelist created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.
    Type: Application
    Filed: March 26, 2020
    Publication date: October 1, 2020
    Inventors: Dmitry Gryaznov, Oleg Ishanov, Vladimir Strogov, Andrey Kulaga, Igor Kornachev, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20200192769
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Application
    Filed: December 18, 2019
    Publication date: June 18, 2020
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 9614867
    Abstract: Disclosed are a system, method and computer program product for detection of malware on a user's computing device. An exemplary method comprises: detecting, by an antivirus application executing on the user's computing device, that an antivirus record is activated on the computing device for detecting a maliciousness of a software object, the antivirus record having a selected status indicator indicating at least one of: a working record, a test record, or an inactive record; in response to detecting the antivirus record having working or test status, checking, by the antivirus application, for a correction of the antivirus record with an antivirus server, wherein said correction includes a change in the status of the antivirus record; in response to receiving from the antivirus server the correction of the antivirus record, using, by the antivirus application, said correction for processing of the software object.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: April 4, 2017
    Assignee: AO Kaspersky Lab
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Publication number: 20160255101
    Abstract: Disclosed are a system, method and computer program product for detection of malware on a user's computing device. An exemplary method comprises: detecting, by an antivirus application executing on the user's computing device, that an antivirus record is activated on the computing device for detecting a maliciousness of a software object, the antivirus record having a selected status indicator indicating at least one of: a working record, a test record, or an inactive record; in response to detecting the antivirus record having working or test status, checking, by the antivirus application, for a correction of the antivirus record with an antivirus server, wherein said correction includes a change in the status of the antivirus record; in response to receiving from the antivirus server the correction of the antivirus record, using, by the antivirus application, said correction for processing of the software object.
    Type: Application
    Filed: April 14, 2016
    Publication date: September 1, 2016
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Patent number: 9350756
    Abstract: Disclosed are a system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application receives a software object for malware detection using an antivirus database and an antivirus cache. The antivirus database comprises antivirus records and the antivirus cache comprises corrections of the antivirus records. The antivirus application determines that the software object is malicious by activating an antivirus record based on information in the antivirus database or the antivirus cache. The antivirus application transmits information relating to the antivirus record to a server prior to executing actions associated with the antivirus record in response to detecting a selected status indicator of the antivirus record. The antivirus application then receives a correction of the antivirus record from the server for processing the software object.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: May 24, 2016
    Assignee: AO Kaspersky Lab
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Publication number: 20150128278
    Abstract: Disclosed are a system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application receives a software object for malware detection using an antivirus database and an antivirus cache. The antivirus database comprises antivirus records and the antivirus cache comprises corrections of the antivirus records. The antivirus application determines that the software object is malicious by activating an antivirus record based on information in the antivirus database or the antivirus cache. The antivirus application transmits information relating to the antivirus record to a server prior to executing actions associated with the antivirus record in response to detecting a selected status indicator of the antivirus record. The antivirus application then receives a correction of the antivirus record from the server for processing the software object.
    Type: Application
    Filed: January 16, 2015
    Publication date: May 7, 2015
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Patent number: 8966634
    Abstract: Disclosed are a system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application analyzes a software object for a presence of malware. The antivirus application includes an antivirus database and an antivirus cache. The antivirus application retrieves from the antivirus database an antivirus record associated with the analyzed object. The antivirus record indicates whether the object is clean or malicious and further includes at least a test antivirus record status indicator. The antivirus application checks at least in the antivirus cache for correction of the test antivirus record. The correction includes a change in the test status of the antivirus record. When a correction for the retrieved antivirus record is found in the antivirus cache, the antivirus application uses said correction for the antivirus record for a further processing of the software object.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: February 24, 2015
    Assignee: Kaspersky Lab ZAO
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Publication number: 20140215627
    Abstract: Disclosed are a system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application analyzes a software object for a presence of malware. The antivirus application includes an antivirus database and an antivirus cache. The antivirus application retrieves from the antivirus database an antivirus record associated with the analyzed object. The antivirus record indicates whether the object is clean or malicious and further includes at least a test antivirus record status indicator. The antivirus application checks at least in the antivirus cache for correction of the test antivirus record. The correction includes a change in the test status of the antivirus record. When a correction for the retrieved antivirus record is found in the antivirus cache, the antivirus application uses said correction for the antivirus record for a further processing of the software object.
    Type: Application
    Filed: March 31, 2014
    Publication date: July 31, 2014
    Applicant: Kaspersky Lab ZAO
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Patent number: 8732836
    Abstract: Disclosed are a system, method and computer program product for correcting antivirus records. In an example method, during analysis of a software object for malware, an antivirus application retrieves from an antivirus database an antivirus record associated with the analyzed object, which identifies the object as malicious or clean. The application also checks if there is a correction for the antivirus record in an antivirus cache and uses the correction for analysis of the software object. If no correction is found in the cache, the application checks correctness of the antivirus record with an antivirus server. The antivirus server uses statistical information about software objects collected from antivirus applications deployed on different computers to validate correctness of antivirus records. If the antivirus server provides a correction for the antivirus record, the application uses the provided correction for analysis of the software object for malware.
    Type: Grant
    Filed: March 23, 2012
    Date of Patent: May 20, 2014
    Assignee: Kaspersky Lab ZAO
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov
  • Publication number: 20130139265
    Abstract: Disclosed are a system, method and computer program product for correcting antivirus records. In an example method, during analysis of a software object for malware, an antivirus application retrieves from an antivirus database an antivirus record associated with the analyzed object, which identifies the object as malicious or clean. The application also checks if there is a correction for the antivirus record in an antivirus cache and uses the correction for analysis of the software object. If no correction is found in the cache, the application checks correctness of the antivirus record with an antivirus server. The antivirus server uses statistical information about software objects collected from antivirus applications deployed on different computers to validate correctness of antivirus records. If the antivirus server provides a correction for the antivirus record, the application uses the provided correction for analysis of the software object for malware.
    Type: Application
    Filed: March 23, 2012
    Publication date: May 30, 2013
    Inventors: Alexander A. Romanenko, Anton S. Lapushkin, Oleg A. Ishanov